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ABSTRACT 



A data copyright management apparatus for handling data 
copyrights, and data of digital cash and video conference 
system is provided. The data copyright management appa- 
ratus comprises a CPU, ROM, EEPROM, and RAM. The 
ROM, EEPROM, and RAM are connected to the CPU bus, 
and a system bus of a device which utilizes the data can be 
connected to the CPU bus. A data copyright management 
system program, crypt algorithm, and user information are 
stored in the ROM, and a first public-key, a first private-key, 
a second public-key, a second private-key, a first secret-key, 
a second secret-key, and copyright information are stored in 
the EEPROM. The data copyright management apparatus 
may be configured in the form of a monolithic or hybrid IC, 
a thin IC card, PC card, insertion board, and further, may be 
incorporated in a computer, television set, set-top box, 
digital video tape recorder, digital video disk recorder, 
digital audio tape apparatus, or personal digital assistants, 
and the like. 

5 Claims, 14 Drawing Sheets 
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FIG. 2 
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FIG. 4 
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APPARATUS FOR DATA COPYRIGHT 
MANAGEMENT SYSTEM 

This is a divisional of application Ser. No. 08/549,270, 
filed Oct. 27, 1995, now abandoned. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to an apparatus for 
displaying, storing, copying, editing or transferring digital 
data, and protecting digital data copyrights. 

2. Background Art 

In the information-oriented society of today, database 
systems are becoming wide spread in which it is possible to 
use various types of data which were stored independently 
in each computer in the past, by connecting computers via 
communication lines. 

In such a database system, the information handled up to 
this point has been conventionally coded information that 
can be processed by a computer, and that contains a rela- 
tively small amount of information and monochrome binary 
data, such as facsimile information at most. It has not been 
possible to handle data containing a relatively large amount 
of information, such as data for natural pictures or anima- 
tion. 

With the rapid progress of digital processing technique for 
various electric signals, a technique is under development 
for digital processing of picture signals other than binary 
data, which had been handled only as analog signals in the 
past. 

By digitizing the picture signal, it is possible to handle a 
picture signal, e.g., a television signal, by a computer. The 
technology of a "multimedia system" is an emerging tech- 
nology of the future capable of simultaneously handling the 
data handled by computers and digitized picture data. 

Because picture data contains an overwhelmingly large 
amount of information compared with character data and 
audio data, it is difficult to store or transfer or process the 
picture data by computer. For this reason, techniques for 
compressing or expanding picture data have been devel- 
oped. Further, several standards for compression/expansion 
of picture data have been established. For example, the 
following standards have been established as common stan- 
dards: JPEG (Joint Photographic image coding Experts 
Group) standards for still pictures, H.261 standards for video 
conferences, MPEG1 (Moving Picture image coding 
Experts Group 1) standards for picture accumulation, and 
MPEG2 standards for current television broadcasting and 
high definition television broadcasting. By using these new 
techniques, it is now possible to transmit digital picture data 
in real time. 

For analog data, which has been widely used in the past, 
the control of copyrights during processing has not been an 
important issue because the quality of the analog data 
deteriorates each time the data is stored, copied, edited, or 
transferred. The editing of a copyrighted work produced 
according to the above operation has not been a large 
problem. However, the quality of digital data does not 
deteriorate when the data is repeatedly stored, copied, 
edited, or transferred. Therefore, the management and con- 
trol of copyrights during processing of digital data is an 
important issue. 

Up to now, there has been no adequate method for 
management and control of copyrights for digital data. They 
have been managed and controlled merely by copyright law 
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or by contracts. In copyright law, only compensation for 
digital sound or picture recording devices has been pre- 
scribed. 

It is possible not only to refer to the content of a database, 

5 but also to effectively utilize the data obtained from the 
database by storing, copying, or editing the data, and also 
transferring the edited data to the database with the edited 
data registered as new data. Further, it is possible to transfer 
edited data to other persons via a communication link or by 

50 a proper recording medium. 

In a conventional database system, only character data is 
handled. However, in multimedia systems, sound data and 
picture data originally generated as analog data, are digitized 
and used as part of the database in addition to the other data 

15 in the database such as character data. 

Under such circumstances, it is an important question to 
determine how to handle copyrights of the data in the 
database. However, there are no means in the prior art for 
copyright management and control of such actions as 

20 copying, editing, transferring, etc. of data. 

Although data from "software with advertisement" or 
"free software" is generally available free of charge, it is 
copyrighted and its use may be restricted by the copyright 

25 depending on the way it is used. 

The inventors of the present invention proposed a system 
for copyright management, wherein a permit key is obtained 
from a key control center via a public telephone line in 
Japanese Patent Laid-Open No. 46419/1994 and Japanese 

30 Patent Laid-Open No. 141004/1994. Japanese Patent Laid- 
Open No. 132916/1994 by the same inventors also discusses 
an apparatus for copyright management. Furthermore, the 
same inventors proposed a system for managing a copyright 
of digital data in Japanese Patent Application No. 64889/ 

35 1994 (U.S. patent application Ser. No. 08/416,037) and 
Japanese Patent Application No. 237673/1994 (U.S. patent 
application Ser. No. 08/536,747). 

In these systems and apparatus, one who wants to view 
and listen to encrypted programs requests viewing from a 

40 control center via a communications line by using a com- 
munication device. The control center sends a permit key to 
the requester, performs charging and collects a fee. 

After receiving the permit key, the requester sends the 
permit key to a receiver by using an on-line or off-line 

45 means. The receiver then decrypts the encrypted programs 
using the permit key. 

The system disclosed in Japanese Patent Application No. 
64889/1994 (U.S. patent application Ser. No. 08/416,037) 
uses a program and copyright information for managing the 

50 copyright, in addition to the permit key, so that the copyright 
for display (including sound processes), storage, copying, 
editing, or transferring of the digital data in the database 
system, including real-time transmission of a digital picture, 
can be managed. The program for managing the copyright 

55 watches and manages to prevent a user from using the digital 
data outside the conditions of the user's request or permis- 
sion. 

Japanese Patent Application No. 64889/1994 (U.S. patent 
application Ser. No. 08/416,037) further discloses that data 

60 is supplied in encrypted form from a database, decrypted by 
a copyrighi management program when displayed or edited, 
and encrypted again when it is stored, copied or transferred. 
Also, the copyright management program, being encrypted, 
is decrypted by a permit key The copyright management 

65 program thus decrypted performs encryption and decryption 
of copyright data, and when data is utilized other than for 
storage and display, copyright information including infor- 
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mation about the user, being stored as a history in addition 6, n-orderuser terminal 7, and copyright management center 

to the original copyright information, is disclosed. 3 are connected to the communication network 2. They can 

A general description of cryptography is provided below, also be connected each other. 

Cryptography includes a secret-key cryptosystem and a In FIG- 1, a path shown by a broken line represents a path 

public-key cryptosystem. 5 for encrypted data. A path shown by a solid line represents 

The secret-key cryptosystem is a cryptosystem using the a P ath of re 1 uests from ea ch user terminal. A path shown by 

same crypt key for encryption and decryption. While this a ODe - dot chain hne represents a path through which a crypt 

cryptosystem requires only a short time for encryption or kev and authorization information corresponding to a utili- 

decryption, if the secret-key is found, the cryptogram may zation K ^ s{ for data are transferred. A path shown by a 

be cryptanalyzed. 10 two-dot chain line represents a path through which copyright 

tl q „, ur i * * * i_ * i_ information is transferred from the database or from one 

The public-key cryptosystem is a cryptosystem in which j, t , 0 i omant tft ♦ a a* i * v .- 

t / • Li- .1- , data element to a next-order data element within the copv- 

a key for encryption is open to the public as a public-key, rf ht manaeement Py 

and a key for decryption is not open to the public. The key c . , * , . . 

f^r v *tL a * ur 1 j -i * c J Each user who uses this system has previously been 

tor encryption is referred to as a public-key and the key for , c . A - tU A . , t . . « . / , . , 

, *• • r j j • . i ^ J t . is entered in the database system and has been provided with 

S«m T 35 th^th ^ 1° ^ t database utilization software - 11,6 daUbase utaization 

information encrypts the inflation vrithVpuSeytf ™ inCludeS 8 P<°S ram for dec ™ tin S ™ «>PV 

the party receiving the information. The party receiving the ^TX^TTZ T ? TT" 

•rS mn *; # *u - t *• %u • * i . mcation software such as data communications protocols. 

mformation decrypts the information with a private-key not ^ , . u ^ . F . 

trt «„ufo \in,-i fu- ♦ • 20 To use the database 1, a primary user prepares pnmary- 

re P i!Ll P , cryptosystem requires a use( autnentication data Au [ ( , ^ ^ , ^rt 

nnvrllv^n 8 • k TT 0 ",! ° r , he private-key Kvl corresponding to the first public-key Kbl. 

private-key cannot easily be found, and it is very difficult to , co ^„ A i„uu„ i™, v£o n a a - * \ v A 

crvptanalvze the crvDtoeram second public-key Kb2, and a second private-key Kv2 

yp s corresponding to the second public-key Kb2. The primary 

In cryptography, a case of encrypting a plaintext M with 25 user accesses the database 1 from the primary user terminal 

a crypt key K to obtain a cryptogram C is expressed as 4 v i a t h e communication network 2. 

oehc u\ ^ e database 1, receiving the primary -user authentication 

data Aul, first public-key Kbl and second public -key Kb2 
and a case of decrypting the cryptogram C with the crypt key tom the P rimarv confirms the primary-user authent- 
ic to obtain the plaintext M is expressed as 30 catl0n data Aul md transfers the confirmed primary-user 



authentication data Aul to the copyright management center 
m=d(k, c). 3 as the primary user information Iul. 

The database 1 prepares two secret-keys, first secret-key 
The cryptosystem used for the present invention uses a Ksl and second secret-key Ks2. The second secret-key Ks2 
secret-key cryptosystem in which the same secret-key Ks is 35 is transferred to the copyright management center 3. 
used for encryption and decryption, and a public-key cryp- As the result of the above transfer, a permit key corre- 
tosystem in which a public-key Kb is used for encryption of sponding to primary utilization, the primary user informa- 
plaintext data and a private -key Kv is used for decryption of tion Iul, original copyright information IcO and the second 
a cryptogram. secret-key Ks2 are stored in the copyright management 

FIG. 1 shows a structure of the data copyright manage- 40 center 3. In this case, the original copyright information IcO 
ment system disclosed in the Japanese Patent Application is used for copyright royalties distribution. 
No. 237673/1994, (U.S. patent application Ser. No. 08/536, When a primary user who desires data utilization accesses 
747) in which the apparatus for data copyright management the database 1 from the primary user terminal 4, a data menu 
system of the present invention can be used. is transferred to him. In this case, information for charges 

In this system, encrypted data is supplied via two-way 45 may be displayed together with the data menu, 
communication in accordance with a request from the pri- When the data menu is transferred, the primary user 
mary user 4. retrieves the data menu and selects the data M. In this case, 

This system uses the secret-key cryptosystem and the the original copyright information IcO of the selected data M 
public-key cryptosystem as a cryptosystem. is transmitted to the copyright management center 3. The 

It will be obvious that this system can be applied when 50 primary user selects permit key Kpl corresponding to the 
using a satellite broadcast, ground wave broadcast, CATV required form of the usage such as viewing, storing, 
broadcast or a recording medium other than a database as the copying, editing and transferring of data. Permit key Kpl is 
data supply means provided with advertisement requiring no also transmitted to the copyright management center 3. 
charge or encryption. Because viewing and storing of data are the minimum 

In this system, reference numeral 1 represents a database, 55 required forms of use for the primary user, these forms of 
4 represents a primary user terminal, 5 represents a second- use may be excluded from the choices, thus offering only 
ary user terminal, 6 represents a tertiary user terminal, and copying, editing and transferring as choices. 
7 represents an n-order user terminal. Also, reference The original data MO is read out of the database 1 in 
numeral 3 represents a copyright management center, 8-10 accordance with a request of the primary user. The read 
represent a secondary copyright data, tertiary copyright data, 60 original data M0 is encrypted by the first secret-key Ksl: 
and n-order copyright data, respectively, stored at the copy- 
right management center 3. Reference numeral 2 represents Qn(toi-E(&i, mo). 

a communication network such as a public telephone line The encrypted data CmOksl is provided with the unen- 
offered by a communication enterprise or a CATV line crypted original copyright information IcO. 
offered by a cable television enterprise. 65 The first secret-key Ksl is encrypted by the first public- 

In the above arrangement, the database 1, primary user key Kbl and the second secret-key Ks2 is encrypted by the 
terminal 4, secondary user terminal 5, tertiary user terminal second public-key Kb2: 
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Ckslkbl=E(Kbl, Ksl) 
Ocs2kb2=E(Kb2, Ks2). 

While the copyright management program P is also 
encrypted by the second secret-key Ks2: 5 

Cpks2-E(Ks2, P), 

the copyright management program P may not always be 
encrypted by the second secret-key Ks2 but it may be 
encrypted by any other proper crypt key. 

The encrypted original data CmOksl, encrypted copyright 
management program Cpks2, and two encrypted secret-keys 
Ckslkbl and Cks2kb2 are transferred to the primary user 
terminal 4 via the communication network 2 and charged, if JS 
necessary. 

It is possible to store the encrypted copyright management 
program Cpks2 in means such as in a ROM in the user 
terminal 4 instead of supplying it from the database 1. 

The primary user receiving the encrypted original data 2Q 
CmOksl, two encrypted secret-keys Ckslkbl and Cks2kb2, 
and encrypted copyright management program Cpks2 from 
the database 1 decrypts the encrypted first secret-key 
Ckslkbl with the database utilization software using the 
first private-key Kvl corresponding to the first public-key 
Kbl: 

Ksl-D(Kvl, Ckslkbl), 

and decrypts the encrypted second secret-key Cks2kb2 using 
the second private-key Kv2 corresponding to the second 30 
public-key Kb2: 

Ks2-D(Kv2, Cks2kb2). 

The primary user decrypts the encrypted copyright man- 
agement program Cpks2 using the decrypted second secret- 35 
key Ks2: 

P=D(Ks2, Cpks2). 

Finally, the primary user decrypts the encrypted data 40 
CmOksl by the decrypted copyright management program P 
using the decrypted first secret-key Ksl: 

M0=D(Ksl, CmOksl) 

and uses the decrypted original data MO directly or data Ml 45 
as edited. 

As described above, the first private-key Kvl and second 
private-key Kv2 are crypt keys prepared by the primary user 
but not open to others. Therefore, even if a third party 
obtains the data M, it is impossible to use the encrypted data 50 
M by decrypting it. 

Thereafter, to store, copy, or transfer the data M as the 
original data MO or the edited data Ml, it is encrypted and 
decrypted using the second secret-key Ks2: 

55 

Cmks2=E(Ks2, M) 
M =D(Ks2, Cmks2). 

The decrypted second secret-key Ks2 is thereafter used as 
a crypt key for encrypting/decrypting data when storing, 60 
copying, or transferring the data. 

The first private-key Kvl and second private-key Kv2, the 
first secret-key Ksl and second secret -key Ks2, the data M, 
the copyright management program P, the original copyright 
information IcO and copyright information Icl, containing 65 
information about the primary user and the editing date and 
time, are stored in the primary user terminal 4. 
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Further protection is provided by attaching the copyright 
information Icl to the data as copyright information label, 
and adding the digital signature. 

The encrypted data Cmks2 is encrypted to be distributed. 
Since the copyright information label provides a clue to 
obtain the second secret-key Ks2 which is the key for 
decryption, the second secret key Ks2 cannot be obtained in 
the case where the copyright information label is removed 
from the encrypted data Cmks2. 

When the encrypted data Cmks2 is stored in the primary 
user terminal 4, the second secret-key Ks2 is stored in the 
terminal 4. However, when the encrypted data Cmks2 is not 
stored in the primary user terminal 4 but is copied to the 
recording medium 11 or transferred to the secondary user 
terminal 5 via the communication network 2, the second 
secret-key Ks2 is disused in order to disable subsequent 
utilization of the data in the primary user terminal 4. 

In this case, it is possible to set a limitation for repetitions 
of copying or transferring of the data so that the second 
secret-key Ks2 is not disused within limited repetitions of 
copying and transferring of the data. 

The primary user who is going to copy the data M to the 
external recording medium 11 or transmit the data M via the 
communication network 2 must prepare the second secret- 
key Ks2 to encrypt the data M by this second secret-key Ks2 
before copying or transmitting the data: 

Cmks2=E(Ks2, M). 

The unencrypted original copyright information IcO and 
primary-user copyright information Icl are added to the 
encrypted data Cmks2. 

Before using a database, a secondary user, similar to the 
primary user, prepares authentication data Au2 for authen- 
ticating the secondary user, a third public-key Kb3, a third 
private-key Kv3 corresponding to the third public-key Kb3, 
a fourth public-key Kb4, and a fourth private-key Kv4 
corresponding to the fourth public -key Kb4. 

The secondary user who desires secondary utilization of 
the copied or transferred encrypted data Cmks2 must des- 
ignate the original data name or number to the copyright 
management center 3 in order to request secondary utiliza- 
tion from the secondary user terminal 5 via the communi- 
cation network 2. In this time, the secondary user also 
transfers the third public-key Kb3 and the fourth public-key 
Kb4, as well as the secondary user authentication data Au2, 
original copyright information IcO and primary user copy- 
right information Icl. 

The copyright management center 3 receiving the sec- 
ondary utilization request from the secondary user confirms 
the secondary-user authentication data Au2, and transfers 
confirmed secondary-user authentication data Au2 to the 
tertiary copyright data 9 as secondary user information. 

When the secondary copyright information Icl of the 
primary user is transferred, the secondary copyright infor- 
mation Icl is provided to the secondary copyright data 8, 
and then, secondary copyright data 8 recognizes the sec- 
ondary copyright information Icl to be transferred to the 
tertiary copyright data 9. 

The secondary user selects permit key Kp2 corresponding 
to the form of data usage such as viewing, storing, copying, 
editing and transferring of daia. Permit key Kp2 correspond- 
ing to the selected usage is sent to the tertiary copyright data 
9. 

Because viewing and storing of data are the minimum 
required forms of use for the secondary user, these forms of 
use may be excluded from the choices, offering only 
copying, editing and transferring as the choices. 
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The secondary copyright data 8 prepares a third secret- 
key Ks3. The prepared third secret-key Ks3 is transferred to 
and stored in the tertiary copyright data 9. 

As the result of the above transfer, the permit key Kp2, 
primary user copyright information Icl, primary user infor- 
mation Iul, original copyright information IcO, secondary 
user information Iu2, and third secret-key Ks3 are stored in 
the tertiary copyright data 9. The permit key Kp2, primary 
user copyright information Icl, and primary user informa- 
tion Iul are used for copyright royalties distribution. 

Hereafter similarly, permit key Kpn corresponding to 
n-order usage, copyright information for secondary exploi- 
tation right Icn-1 of (n-l)-order user, primary user informa- 
tion Iul, original copyright information IcO, n-order user 
information Iun, and n-th secret-key Ksn are stored in 
n-order copyright data 10. 

The permit key Kp2, primary user information Iul, origi- 
nal copyright information IcO and second secret-key Ks2 are 
read out of the secondary copyright data 8. The original 
copyright information IcO is used for copyright royalties 
distribution. 

The read second secret-key Ks2 and third secret-key Ks3 
are encrypted by the third public-key Kb3 and fourth public- 
key Kb4 of the secondary user respectively: 

Ocs2kb3-E(Kb3 > Ks2) 
Cks3kb4=E(Kb4, Ks3). 

The copyright management program P is encrypted by the 
third secret-key Ks3: 

Cpks3=E(Ks3, P). 

The encrypted copyright management program Cpks3, 
encrypted second secret-key Cks2kb3, and encrypted third 
secret-key Cks3kb4 are transferred to the secondary user 
terminal 5 via the communication network 2. In this case, 
charging is performed, if necessary. 

The secondary user, receiving two encrypted secret-keys, 
Cks2kb3 and Cks3kb4, and the encrypted copyright man- 
agement program Cpks3 from the secondary copyright data 
8, and using the database utilization software decrypts the 
encrypted second secret-key Cks2kb3 by the third private - 
key Kv3, and decrypts the encrypted third secret-key 
Cks3kb4 by the fourth private-key Kv4 corresponding to the 
fourth public-key KM: 

Ks2-D(Kv3, Cks2kb3) 
Ks3«D(Kv4, Cks3kM). 

The encrypted copyright management program Cpks3 is 
decrypted by the decrypted third secret-key Ks3: 

P-D(Ks3, Cpks3). 

Then, the encrypted data Cmks2 is decrypted for use by 
the decrypted second secret-key Ks2 using decrypted c 
opyright management program P: 

M=D(Ks2, Cmks2). 

As described above, the third private-key Kv3 and the 
fourth private-key Kv4 are prepared by the secondary user 
but not opened to others. Therefore, even if a third party 
obtains the encrypted data Cmks2, it is impossible to use the 
data by decrypting it. 

Each user who uses the above-mentioned system must 
have previously been entered in the database system, and 
when entered in the system is provided with database 
software. 
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Because the software includes not only normal commu- 
nication software, such as a data communication protocols 
but also a program for decrypting a copyright management 
program by a first crypt-key, protection is necessary. 
5 A first crypt-key Kl, a second crypt -key K2, and a 
copyright management program P are transferred to each 
user in order to use data M Each user keeps these keys and 
the program. 

Further, the copyright information label, the user 

3Q information, the public-key and private-key in the public- 
key cryptosystem and the program containing the algorithm 
for generating the secret-key are stored when needed. 

For storing them, the simplest means to use is a flexible 
disk. However, the flexible disk is easy to lose or alter. 
A hard disk drive is also subject to loss or alteration of 

15 data, though it is more stable than the flexible disk. 

Recently, use of an IC card has spread in which an IC 
element is sealed in a card-like package. Particularly, stan- 
dardization of a PC card with a microprocessor sealed inside 
has developed for PCMCIA cards and JEIDA cards. 

20 The data copyright management apparatus proposed by 
the present inventors in the Japanese Patent Application No. 
237673/1994 (U.S. patent application Ser. No. 08/536,747) 
is described in FIG. 2. 

The data copyright management unit 15 is configured as 

25 a computer system comprising a microprocessor (CPU) 16, 
a local bus 17 of CPU 16, read only memory (ROM) 18 
connected to local bus 17, and write/read memory (RAM) 
19, and wherein the local bus 17 is connected to system bus 
22 of the microprocessor 21 of the user terminal 20. 

30 Further, a communication unit (COMM) 23 which 
receives data from an external database and transfers data to 
the external database; a CD-ROM drive (CDRD) 24 which 
reads data provided by CD-ROM; a flexible disk drive 
(FDD) 25 which copies received or edited data to a flexible 

35 disk drive to provide the outside with such data, and a hard 
disc drive (HDD) 26 which stores data are connected to the 
system bus 22 in the user terminal 20. 

As is typical, ROM and RAM or the like are connected to 
the system bus 22 of the user terminal. However, this is not 

40 shown in the figure. 

Fixed information, such as software and user data, for 
utilizing the database is stored in ROM 18 of the data 
copyright management unit 15. A crypt-key and the copy- 
right management program provided from the key control 

45 center or copyright management center are stored in RAM 
19. 

The process of decryption and re-encryption are per- 
formed by the data copyright management unit 15, only the 
results of which are transferred to the user terminal 20 via 
50 the local bus 17 and the system bus 21 of the user terminal. 

The data copyright management unit 15 is implemented 
as monolithic IC, hybrid IC, an expansion board, an IC card, 
or a PC card. 

55 SUMMARY OF THE INVENTION 

In the present application, apparatus for a data copyright 
management system, resulting from the further implemen- 
tation of the apparatus used with the user terminal proposed 
in the Japanese Patent Application No. 237673/1994, (U.S. 
60 patent application Ser. No. 08/536,747) is proposed. 

The apparatus for data copyright management in the 
present invention is attached to the user terminal, which 
comprises a central processing unit, central processing unit 
bus, read only semiconductor memory, electrically erasable 
65 programmable read-only memory, and read/write memory. 

The central processing unit, read only semiconductor 
memory, electrically erasable programmable read-only 
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memory, and read/write memory are connected to the central 
processing unit bus. Also, the system bus of a unit which 
utilizes the data can be connected to it. A data copyright 
management system program, a crypt algorithm, and user 
information are stored in the read only semiconductor 
memory. A second private-key, permit key, second secret- 
key, and copyright information are stored in the electrically 
erasable programmable read-only memory. The first public- 
key, first private-key, second public-key, and first secret-key 
are transferred to the read/write memory during operation of 
the unit. If the copyright management program is provided 
from the outside, it is stored in the EEPROM. Otherwise, it 
is stored in ROM. 

As embodiments of the data copyright management 
apparatus, a monolithic IC, a hybrid IC, a thin IC card, a PC 
card, and a board for insertion may be used. 

In the data copyright management system described 
above as a Japanese Patent Application, while the obtained 
encrypted data is decrypted for displaying/editing, the 
obtained or edited data is re-encrypted to store/copy/transfer, 
so that no unauthorized use of the data is allowed. 

Accordingly, in the apparatus used in the data copyright 
management system of the present invention, re-encryption 
of data, as well as decryption of data should be performed 
concurrently. However, the data copyright management 
apparatus described in the Japanese Patent Application can 
perform only one process of either data decryption or data 
re-encryption at the same time. 

Thus, in the present application, a data copyright man- 
agement apparatus is proposed which, at the same time, can 
decrypt and re-encrypt the supplied encrypted data to per- 
form copyright management and control. 

For this purpose, data which was encrypted and provided 
is decrypted and re-encrypted by adding at least one 
microprocessor, and preferably two microprocessors which 
are a microprocessor of the user terminal and added one, in 
addition to the microprocessor that controls the entire user 
terminal therein. When one microprocessor is added, one of 
the two microprocessors which include the microprocessor 
of the user and the added one, will decrypt data and the other 
will re-encrypt data. 

When two microprocessors are added, one of the added 
microprocessors will decrypt data, another microprocessor 
will re -encrypt data, and the third microprocessor of the user 
terminal will control the entire operation. 

Although the added microprocessors may be connected to 
the system bus of the microprocessor in the user terminal, 
this configuration may not allow a multiprocessor configu- 
ration to operate plural microprocessors concurrently. 
Therefore, in the present application, a data copyright man- 
agement apparatus is implemented as a multiprocessor con- 
figuration utilizing SCSI bus or PCI bus. 

Other than character data, digital data includes graphic 
data, computer programs, digital audio data, still picture data 
of the JPEG standard, and motion-picture works of the 
MPEG standard. While the data applications comprising 
these data forms are utilized by using various apparatus, it 
is necessary that these apparatus also include the data 
copyright management function. 

Thus, in the present application, it is proposed that, as a 
form of use, these data copyright management apparatus and 
the data copyright management apparatus described in the 
prior application be incorporated in various systems. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of the data copyright manage- 
ment system of Japanese Patent Application No. 237673/ 
1994 (U.S. patent application Ser. No. 08/536,747). 
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FIG. 2 is a block diagram of the data copyright manage- 
ment apparatus of Japanese Patent Application No. 237673/ 
1994 (U.S. patent application Ser. No. 08/536,747). 

FIG. 3 is a block diagram of the data copyright manage - 
5 ment apparatus of a first embodiment of the present inven- 
tion. 

FIG. 4 is a specific block diagram of the data copyright 
management apparatus of a first embodiment of the present 
invention. 

10 FIG. 5 is a process flow chart of a data copyright 
management system related to the present invention. 

FIG. 6 is a block diagram of the data copyright manage- 
ment system of Japanese Patent Application No. 237673/ 
15 1994 (U.S. patent application Ser. No. 08/536,747). 

FIG. 7 is a flow chart of a general editing process for 
digital data. 

FIG. 8 is a flow chart of an encrypted data editing process 
of the present invention. 
20 FIG. 9 is a block diagram of the data copyright manage- 
ment apparatus of a second embodiment of the present 
invention. 

FIG. 10 is a block diagram of the data copyright man- 
agement apparatus of a third embodiment of the present 
25 invention. 

FIG! 11 is a block diagram of the data copyright man- 
agement apparatus of a fourth embodiment of the present 
invention. 

FIG. 12 is a block diagram of the data copyright man- 
agement apparatus of a fifth embodiment of the present 
invention. 

FIG. 13 is a block diagram of the data copyright man- 
agement apparatus of a sixth embodiment of the present 
35 invention. 

FIG. 14 is a block diagram of the digital cash system as 
one example of use of the present invention. 

FIG. 15 is a block diagram of the video conference system 
as one example of use of the present invention. 

40 DETAILED DESCRIPTION 

The detailed embodiments of the present invention are 
described below with reference to the drawings. 

A first embodiment of the data copyright management 
45 apparatus related to the present invention is shown in the 
block diagram of FIG. 3. 

The data copyright management unit 30 includes electri- 
cally erasable programmable read-only memory (EEPROM) 
31 in addition to the components of the data copyright 
50 management unit 15 described in Japanese Patent Applica- 
tion No. 237673/1994 (U.S. patent application Ser. No. 
08/536,747). 

The data copyright management unit 30 is a computer 
system having CPU 16 and local bus 17 of CPU 16, as well 
55 as ROM 18, RAM 19, and EEPROM 31 which are con- 
nected to local bus 17, wherein local bus 17 is connected to 
the system bus 22 of the microprocessor 21 in the user 
terminal 20. 

Further, communication unit (COMM) 23, which receives 
60 data from an external database and transfers data outside; 
CD-ROM drive (CDRD) 24, which reads data provided by 
CD-ROM; a flexible disc drive (FDD) 25, which copies data 
received or edited in order to supply it to the outside; and 
hard disk drive (HDD) 26, which stores data, are connected 
65 to the system bus 22 of the user terminal 20. 

ROM and RAM are connected to the system bus 22 of the 
user terminal. However, they are not shown in the figure. 
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Fixed information such as a data copyright management area 35, the first public-key Kb 1, the first private-key Kvl, 

program P, a cryptography program Pe based on a crypt the second public-key Kb2, and the second private-key Kv2 

algorithm, and user data Iu are stored in ROM 18. are stored. 

A crypt-key K and copyright information Ic are stored in i n the second area 36, the copyright management program 

EEPROM 31 . Further, when the data copyright management 5 P, the first secret-key Ksl for use as a permit key for primary 

program and cryptography program are supplied from use (for examp ie, as a view permit, store permit, copy 

outside, such as from a database, they are stored in permit, edit permit, or transfer permit), and the second secret 

EEPROM 31, rather than in ROM 18. key ^ for use ^ a permit key for secondary use (for 

The data copyright management unit 30 performs the example, as a view permit, store permit, copy permit, edit 

process of decryption or re -encryption, only the result of 10 permit or transfer permit) are stored. However, in some 

which is transferred to the user terminal 20 via local bus 17 cases wrjer e the copyright management program P is not 

and system bus 22. supplied from the outside, but preset in the user side, the 

Besides, either one of the first crypt-key or the second copyright management program P is stored in the read only 

crypt-key supplied from the key control center or the copy- memory 18, rather than in the second area 36 of the 

right management center, and the data copyright manage- 35 electrically erasable programmable read-only memory 31. 

ment system program are stored in RAM of the user terminal j n ^ t hiid area 37, an access control key and copyright 

20. information such as the original copyright information and 

The data copyright management unit 30 is implemented the secondary copyright information are stored, 

as a monolithic IC, a hybrid IC, an expansion board, an IC As j n me case of the electrically erasable programmable 

card, or a PC card. 20 rea d-only memory 31, the inside of the write/read memory 

Fixed data such as a data copyright management program, 19 is divided into three areas. In the first area 32, the first 

a cryptography program based on a crypt algorithm, and user public-key Kbl, the first private-key Kvl, and the second 

data are stored in ROM 18 of the data copyright manage- public-key Kb2 are stored during operation. In the second 

ment unit 30 in the first embodiment. area 33, the first secret-key Ksl for use as a permit key in 

Further, a decryption program, a re-encryption program, 25 the primary utilization (for example, as a view permit, store 

and a program for generating secret-keys based on a known permit, copy permit, edit permit, or transfer permit) is stored 

secret-key algorithm may be stored in ROM 18. during operation. In the third area 34, an access control key 

A crypt-key and copyright information are stored in is stored during operation. 
EEPROM 31. Also, when the copyright management pro- The user terminal attached with the data copyright man- 
gram and the cryptography program are supplied from the 30 agement apparatus is reliable since it performs all of the 
outside, such as from a database, they are stored in processes for utilizing data within the data copyright man- 
EEPROM 31, rather than ROM 18. Still, the EEPROM is agement unit related to the present invention, so that only the 
not necessarily required and may be omitted. results are transferred to the user terminal for various 

Either one of the first crypt-key or the second crypt-key ^ g utilization, 
supplied from the key control center or copyright manage- When picture data containing large amounts of informa- 
ment center, and the data copyright management system tion is transferred/received, original data is transmitted after 
program are stored in RAM 19. However, information such being compressed to reduce the amount of data. The com- 
as software and the user data required by MPU 46 in the user pressed data is expanded after reception to utilize it. In this 
terminal 20 are supplied to the user terminal 20 by the 4Q case, the data copyright may be managed by encryption, 
software, and stored in RAM of the user terminal 20. FIG. 5 is an example of data copyright management flow 
Besides either one of the first crypt-key or the second when encrypted data of a digital picture is compressed 
crypt-key supplied from the key control center or the copy- according to the JPEG or MPEG standard. The flow is 
right management center, and the data copyright manage- divided into transmitting side flow and receiving side flow 
ment system program are stored in RAM of the user terminal ^ with a transmit line in between. The receiving side flow is 
unit 20. further divided into display flow and storage flow. 

The process of decryption and re-encryption are shared by The signal process on the transmitting side consists of a 

MPU 46 of the main body of the user terminal 20 and CPU process of preparing a digital picture and a process of 

16 of the data copyright management unit 30; one processing the digital picture prepared. In this process, if an 

re-encrypts data and the other decrypts data, and only the 5Q original picture is the digital picture 41, it proceeds to next 

processed results of the data copyright management unit 30 process. If an original picture is an analog picture 40, a 

are transferred to the user terminal. digitizing process 42 is performed. 

The specific internal structure of the data copyright man- The digital picture is compressed (43) first according to a 

agement unit 30 in FIG. 3 is shown in FIG. 4. given standard such as JPEG or MPEG, then the compressed 

A microcomputer (CPU) 16, read only semiconductor 55 digital data is encrypted (44) using the first secret-key. 

memory (ROM) 18, write/read memory (RAM) 19, and The picture data signal processed on the transmitting side 

electrically erasable programmable read-only memory is transmitted through transmission line 45, such as a satel- 

(EEPROM) 31 are enclosed in the data copyright manage- lite broadcasting wave, terrestrial broadcasting wave, CATV 

ment unit 30, and are connected to microcomputer bus 17 of wave, or public telephone line/ISDN line. Further, recording 

the microcomputer 16. The microcomputer bus 17 is further 60 media such as a digital video tape, a digital video disk, or 

connected to system bus 22 of the user terminal 20 main CD-ROM may be used as the transmission line, 

body. Thus, the picture data transmitted to the receiving side is 

The data copyright management system program, crypt decrypted (46) first using the first secret key, then the 

algorithm, and the user information are stored in the read compressed picture data is expanded (47) to be displayed 

only semiconductor memory 18. 65 (49). When the display is a digital data display unit, it is 

The electrically erasable programmable read-only directly displayed, however, when it is an analog data 

memory 31 is divided internally into three areas. In the first display unit, it is converted to analog data 48. 
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When data is stored in hard disk, flexible disk, optical CmOksi=E(Ksi, MO), 
magnetic disk, writable video disk or the like, it is stored 

after being regenerated (50) using the second secret key. c Eve ° rf data 15 P rovided ^ adv ertisement to be offered 

¥ j • i ■ .1 • . j , ,i *t- i« * j free of charge, encryption is necessary in order to protect the 

In redisplaying the picture data that has been re-encrypted ' ht 

and stored, it is re-decrypted (52) using the second secret 5 j.' , . . T n . . * i- xt 

i a a i j i> *i_ j* i •* * j- i j * It is disclosed in the Japanese Patent Application No. 

key and displayed (49). If the display unit is a digital data </1flon/1 nn/( , ITC • * r ♦• o xt /w>mi* ™-t\ 

a- \ • j • ii j ■ * j 1 1 *f - t • 64889/1994 (U.S. patent application Ser. No. 08/416,037) 

display unit, it is directly displayed. However, if it is an # , w . , . v ... *. . , j , , . 17 f 

nnninn a * ,11 % • j * i a* /ao\ tnat tne " ata utilization includes not only displaying of data 

analog data display unit, it is converted to analog data (48). , . * u ■ u - i : • j- • 

„ , . , . which is the most basic usage, but also stonng, editing, 

For data compression/expansion means and the transmis- ^ aad transferrmg of the data . A use permit key is 

sion path, appropriate ones compatible with the data are *> which to Qne 0f form / Qf 

use * usage, and its management is executed by the copyright 

FIG. 6 shows an example of the data copyright manage- management program, 

ment system disclosed in the Japanese Patent Application Moreover, it is described there that data is encrypted again 

No. 237673/1994 (U.S. patent application Ser. No. 08/536, b y the copyright management program for uses such as 

747). This system uses the secret-key system as a crypto- storingj copying, editing and transferring of the data other 

system. t h an displaying of the data and displaying for editing the 

In the case of this system, reference numeral 1 represents data, 

a database in which text data, binary data serving as a in other words, the data whose copyright is claimed is 

computer graphic display or a computer program, digital ^ encrypted to be distributed. Only when the data is displayed 

audio data, and digital picture data are stored by being or displayed for editing the data in a user terminal having a 

encrypted. Reference numeral 14 represents a space satellite copyright treatment function, is the data decrypted to a 

such as a communications satellite or a broadcasting satel- plaintext format. 

lite. Reference numeral 15 represents a data recorder such as This system disclosed in Japanese Patent Application No. 
a CD-ROM or a flexible disk. Reference numeral 2 repre- 25 237673/1994 (U.S. patent application Ser. No. 08/536,747) 
sents a communication network such as a public telephone uses the method described in the Japanese Patent Applica- 
ble offered by a communication enterprise or a CATV line tion No. 64889/1994 (U.S. patent application Ser. No. 
offered by a cable television enterprise. Reference numeral 08/416,037). 

4 represents a primary user terminal. Reference numeral 16 A primary user who desires primary utilization of the 

represents a key control center for managing a secret-key, 3Q supplied encrypted data CmOksl requests for primary utili- 

and reference numeral 17 represents a copyright manage- zation of the encrypted original data CmOksl by designating 

ment center for managing a data copyright. the original data name or the original data number to the key 

Reference numerals 5, 6, and 7 represent a secondary user control center 16 via the communication network 2 from the 

terminal, a tertiary user terminal, and n-order user terminal primary user terminal 4. In this case, the primary user must 

respectively. Reference numerals 11, 12, and 13 represent a 35 present information Iul for the primary user to the key 

secondary disk, tertiary disk, and n-order disk serving as a control center 16. 

recording medium such as a flexible disk or CD-ROM The key control center 16, receiving the primary utiliza- 

respectively. The symbol "n" represents an optional integer. tion request from the primary user terminal 4, transfers first 

When "n" is larger than four, a corresponding user terminal secret-key Ksl for decrypting the encrypted original data 

and a corresponding disk are arranged between the tertiary CmOksl obtained from the database 1 by the primary user 

user terminal 6 and the n-order user terminal 7 and between and second secret-key Ks2 for re-encrypting the decrypted 

the tertiary disk 12 and the n-order disk 13 respectively. original data M0 or edited data Ml from the original data, 

In the above arrangement, the database 1, key control together with a copyright management program P via the 

center 16, copyright management center 17, primary user communication network 2 to the primary user terminal 4. 

terminal 4, secondary user terminal 5, tertiary user terminal 45 In the primary user terminal 4, receiving the first secret - 

6, and n-order user terminal 7 are connected to the commu- key Ksl as a decryption key and the second secret-key Ks2 

nication network 2. as an encryption/decryption key, the encrypted original data 

In FIG. 6, the path shown by a broken line is a path of CmOksl is decrypted by the first secret-key Ksl using the 

encrypted data; a path shown by a solid line is a path of copyright management program P: 

requests from each user terminal; and a path shown by a 50 Mo-nric 

one-dot chain line is a path through which authorization ' m 

information corresponding to a utilization request and a to use the decrypted original data M0 directly or data Ml as 

secret-key are transferred. edited. 

Each user who uses this system has been previously When the data M, which is the original data M0 or edited 

entered in the database system. When the user is entered in ss data Ml, is stored in a memory or a built-in hard disk drive 

the system, database utilization software is provided to the of the primary user terminal 4, only the primary user can use 

user. The database utilization software includes not only the data. However, when the data M is copied to the external 

normal communication software such as a data communi- recording medium 11, such as a flexible disk, or transmitted 

cation protocol, but also a program for running a copyright to the secondary user terminal 5 via the communication 

management program. 60 network 2, a copyright problem due to secondary utilization 

Original data MO of text data, binary data as a computer occurs, 

graphic display or computer program, digital audio data, or When the original data M0 obtained by the primary user 

digital picture data stored in the database 1 or data recording is directly copied and supplied to a secondary user, the 

medium 15 is supplied via one-way communication to the copyright of the primary user is not effected on the data M0 

primary user terminal 4 via the communication network 2, 65 because the original data M0 is not modified at all. However, 

satellite 14 or recording medium 15. In this case, the data is when the primary user produces new data Ml by editing the 

encrypted with a first secret-key Ksl: obtained data M0 or by using means such as combination 
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with other data, the copyright of the primary user, i.e., the primary user has received a regrant of the second 

secondary exploitation right occurring from secondarily secret-key Ks2 for secondary utilization of the data, and 

utilizing original data, is effected on the data Ml. then, transfers the second secret-key Ks2 serving as a 

Similarly, when a secondary user produces new data M2 decryption key and the third secret-key Ks3 serving as an 

by editing the original data MO or edited data Ml obtained s encryption/decryption key to the secondary user terminal 5 

from the primary user, or by means such as combination via the communication network 2. 

with other data, the copyright of the secondary user, i.e., In the secondary user terminal 5 receiving the second 

secondary exploitation right of the secondary user, is also secret-key Ks2 and the third secret-key Ks3, the encrypted 

effected. data Cmks2 is decrypted by the copyright management 

In this system, to deal with the copyright problem, the 10 program P using the second secret-key Ks2. 

data M is encrypted by the second secret-key Ks2 using the m=d(Ks2 CmksD 

copyright management program P when the data Mis stored, ° 

copied, or transferred. Thereafter, in the primary user ter- and is secondarily utilized, e.g. displayed or edited, 

minal 4, the data M is decrypted and encrypted by the second In this system, the key control center 16 processes pri- 

secret-key Ks2: 15 mary utilization requests, and the copyright management 

center 17 processes secondary utilization requests. While the 

Cmks2=E(Ks2, M) <jata supplied to a primary user is encrypted by the first 

M-D(Ks2 Cmks2) secret-key Ksl, the data M supplied to a secondary user is 

encrypted by the second secret-key Ks2. Moreover, the first 
It is free in principle for the primary user to display and 20 secret-key Ksl and the second secret-key Ks2 are trans- 
edit data to obtain edited data. In this case, however, it is ferred to the primary user as crypt keys from the key control 
possible to limit the repetitions of the operation by the center 16. 

copyright management program. Therefore, if the secondary user, instead of the primary 

When the data M is copied to the external recording user, falsely issues a request for primary utilization to the 

medium 11 or transmitted via the communication network 2, 25 key control center 16, the first secret-key Ksl for decryption 

the first secret-key Ksl and the second secret-key Ks2 in the and the second secret-key Ks2 for encryption/decryption are 

primary user terminal 4 are disused by the copyright man- transferred to the secondary user. However, the secondary 

agement program P. Therefore, when reusing the data M, the user cannot decrypt the encrypted data Cmks2 by using the 

primary user makes a request for utilization of the data M to first secret -key Ksl transferred as a decryption key. 

the key control center 16 to again obtain the second secret- 30 Therefore, it is impossible to falsely issue a request for 

key Ks2. data utilization. Thus, not only the original copyright of data 

The fact that the user receives the regrant of the second but also the copyright of the primary user on the data is 

secret-key Ks2 represents secondary utilization of data in protected. 

which the data M has been copied to the external recording When storing, copying, or transferring of the data M, 
medium 11 or transferred to the secondary user terminal 5 35 other than displaying and displaying for editing is performed 
via the communication network 2. Therefore, this fact is in the secondary user terminal 5, the data M is encrypted by 
entered in the copyright management center 17 from the key the copyright management program P using the third secret- 
control center 16, and subsequent secondary utilization key Ks3 and thereafter, the data is decrypted and encrypted 
becomes possible. by the third secret-key Ks3: 

The data M is moved from the primary user terminal 4 to 40 Cmks3=E(Ks3 M) 
the secondary user terminal 5 by the external recording 

medium 11 or the communication network 2. When the data M=D(Ks3, Cmks3). 

M is copied to the external recording medium 11 or trans- It is free in principle for the secondary user to display and 

mitted via the communication network 2, it is encrypted by edit data to obtain the edited data M2. In this case, it is 

the second secret -key Ks2. 45 possible to limit the repetitions of the operation by the 

When the data M is copied to the external recording copyright management program P. 

medium 11 or transmitted via the communication network 2, When the data M is copied to the external recording 

the first secret-key Ksl and the second secret-key Ks2 in the medium 12 or transmitted via the communication network 2, 

primary user terminal 4 are disused. At this time, unen- the second secret-key Ks2 and the third secret-key Ks3 in the 

crypted primary user information Iul is added to the 50 secondary user terminal 5 are disused by the copyright 

encrypted data Cmks2 stored in the primary user terminal 4 management program P. Therefore, when reusing the data 

and when the encrypted data Cmks2 is transferred to the M, the secondary user makes a request for the utilization of 

secondary user, the primary user information Iul is also the data to the copyright management center 17 to again 

transferred. obtain the third secret-key Ks3. 

A secondary user who desires secondary utilization of the 55 The fact that the secondary user receives a regrant of the 

encrypted data Cmks2 copied or transmitted from the pri- third secret-key Ks3 represents secondary utilization of data 

mary user must designate the original data name or data in which the data M has been copied to the external 

number to the copyright management center 17 via the recording medium 12 or transmitted to the tertiary user 

communication network 2 from the secondary user terminal terminal 6 via the communication network 2. Therefore, this 

5, and also present the secondary user information Iu2 to the 60 fact is entered in the copyright management center 17 and 

center 17 to request secondary utilization of the data Cmks2. allows subsequent data use. 

In this time, the secondary user further presents the unen- The data M is moved from the secondary user terminal 5 

crypted primary user information Iul added to the encrypted to the tertiary user terminal 6 by the external recording 

data Cmks2 in order to clarify the relationship with the medium 12 or by the communication network 2. When the 

primary user. 65 data M is copied to the external recording medium 12 or 

The copyright management center 17 confirms, in accor- transferred via the communication network 2, it is encrypted 

dance with the presented primary user information Iul, that by the third secret-key Ks3. 
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When the data M is copied to the external recording Moreover, it is also possible for the primary user to issue 

medium 12 or transmitted to the tertiary user terminal 6 via a request for a regrant of the second secret -key not to the key 

the communication network 2, the second secret-key Ks2 control center 16 but to the copyright management center 17. 

and the third secret-key Ks3 in the secondary user terminal i n piGS. 7(a) and 7(6), signal process flow in a data 

5 are disused. In this case, the unencrypted secondary user 5 editing method of digital video or digital audio is shown. An 

information Iu2 is added to the encrypted data Cmks3 stored edit flow as geQerallv pr0 cessed is shown in 7(a). An edit 

in the secondary user terminal 5, and when the encrypted flow which can avoid deterioration of sigaals is shown & 
data Cmks3 is transferred to a tertiary user, the secondary 

user information Iu2 is also transferred. f tU j 4 a . • -r/ \ • i »• j j- i 

In adding each user information to data, there are two in . In " floW sh ™°™ 7 <">' ^™§** * digital 

cases: a case in which all information is added to data 10 s ! gna * 61 ™ ^ [^^^^^' V?^ 0 * 

whenever it is copied or transmitted and another in which the s ^ na ^ a ' e then edUed < 63 > ^ b ^ m § ^P^d (64), and 

history updated whenever the data is copied or transmitted the edlted analo S S1 & nals are digitized (65) to be stored, 

is stored in the copyright management center. copied, and transferred (66). 

A tertiary user who desires tertiary utilization of the Though this process may be simple, it can not avoid the 

encrypted data Cmks3 copied or transmitted from the sec- 15 deterioration of signals since the signal is edited in analog 

ondary user must designate the original data name or num- form and re-digitized after completion of editing, 

ber to the copyright management center 17 from a tertiary In the edit flow snown m 7 (*>)» di S ital signals 61 are 

user terminal 6 via the communication network 2, and also converted to analog signals (62) to be displayed. While the 

present the tertiary user information Iu3 to request tertiary analo 8 si S nals ( 62 ) m used in editin S ( 63 )> *e analog 

utilization of the data. At this time, the tertiary user further 20 si S nals are onl y for displaying (64) rather than for 

presents the unencrypted secondary user information Iu2 storing, copying, transferring. 

added to the encrypted data Cmks3 in order to clarify the Signals for storage, copy, and transfer are edited (67), 

relationship with the secondary user. copied, and transferred (66) in the form of digital signals 61 

The copyright management center 17 confirms that the corresponding to signals displayed in analog, 

secondary user has received a regrant of the third secret-key 25 In toe case of this edit flow, there is no deterioration of 

Ks3 for preparation of tertiary utilization of data, in accor- si S naIs since di S ital si S nals which m stored > copied, and 

dance with the presented secondary user information Iu2, transferred are never converted to analog signals, 

and then transfers the third secret-key Ks3 serving as a FIGS. 8(a) and 8(£>) illustrate flow examples when editing 

decryption key and fourth secret-key Ks4 serving as an encrypted data to which a signal process of the data editing 

encryption/decryption key to the tertiary user terminal 6 via 30 metrj od of digital video or digital audio shown in FIGS. 1(a) 

the communication network 2. and 7 ( b ) * a PPlied. FIG. 8(a) shows a simplified signal 

In the tertiary user terminal 6 receiving the third secret- processing flow, and FIG. S(b) shows a signal processing 

key Ks3 and the fourth secret-key Ks4, the encrypted data flow whica sufficient copyright management. 

Cmks3 is decrypted using the third secret-key Ks3 by the In the si ^ 1 processing flow shown in 8 (a), the original 

copyright management program P: 35 data ( 71 ) CmOksl, encrypted using the first secret-key Ksl 

and supplied, is initially decrypted (72) using the first secret 

M-D(Ks3, Cmks3) key Ksl: 

and is tertiarily utilized, e.g. displayed or edited. 

In this system, the data M supplied to the primary user is M0=D (Ksl, CmOksl), 

encrypted by the first secret-key Ksl, and the data M 40 and ^ dec d data MQ ^ then edited (?3) while w 

supplied t° the secondary use r is encrypted by the second di , d (74) . The data M1 completed editing is 

secret-key Ks2, and the data M supphed to the tertiary user re ted (75) usin the second secret k Ks2: 

is encrypted by the third secret-key Ks3. Jr v ' & J 

Therefore, if the tertiary user, instead of the primary user, Cmiks2-E (Ks2, Ml) 

falsely issues a request for primary utilization from the key 45 

control center 16, the first secret-key Ksl for decryption and and stored, copied, and transferred (76). 

the second secret-key Ks2 for encryption/decryption are Though the process may be simple, copyright can not be 

transferred to the tertiary user. However, it is impossible to properly managed since there is a possibility that the 

decrypt the encrypted data Cmks3 by the first secret-key Ksl decrypted data might be stored, copied, or transferred due to 

transferred as a decryption key. Moreover, if the tertiary 50 lne data editing process in decrypted form. 

user, instead of the secondary user, falsely issues a request On the other hand, in the signal processing flow shown in 

for secondary utilization to the copyright management cen- tn e original data (71) CmOksl, encrypted using the first 

ter 17, the second secret-key Ks2 and the third secret-key secret key Ksl, is decrypted (72) using the first secret-key 

Ks3 are transferred to the tertiary user as a decryption key Ksl: 

and an encryption/decryption key respectively. However, it 55 

is impossible to decrypt the encrypted data CmKs3 by the M0=D (Ks1, Cm0ksl ) 

second secret-key Ks2 transferred as a decryption key. and the decrypted data MO is displayed (74). 

Therefore, it is impossible to falsely issue a request for Meanwhile, the encrypted data CmOksl is edited (73), 

data utilization. As a result, not only the original copyright i ea d by the decrypted data MO, and the original data MO for 

of the data, but also the copyrights of the primary and 60 storage or the edited data Ml are re-encrypted using the 

secondary users on the data are protected. The same proce- second secret-key: 
dure is applied to quaternary and subsequent utilization. 

In the above described system, the database 1, key control Cm0ks2=E (Ks2, mo) 

center 16, and copyright management center 17 are sepa- Cmiks2-E (Ks2 Ml) 

rately arranged. However, it is not always necessary to 65 

arrange them separately. It is also possible to set all of them and the encrypted data Cm0ks2 or Cmlks2 is stored, copied, 

or two of them integrally. and transferred (76). 
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Without being decrypted corresponding to the decrypted In a user terminal 20, a PCI bus 81 is connected to a 

and displayed data, it is edited (77) in the encrypted form, system bus 22 for a microprocessor 21 via a PCI bridge 82, 

and the editing program and the data still encrypted are used and the local bus 17 for the CPU 16 of a data copyright 

to store, copy or transfer (76). management apparatus 80 is connected to the PCI bus 81. 

In this signal processing flow, the decrypted data are never 5 Also connected to the system bus 22 of the user terminal 20 

stored, copied or transferred since the data for storing, are a communications device (COMM) 23 which receives 

copying, transferring remain encrypted. data from exteraal databases and tnsaim dala t0 me exter . 

In the data copyright management system which utilizes nal of ^ termmal a CD . RQM ^ (CDRD) u M 

nlltV^ £ reSen H rcads data ^PPte* ° n CD-ROM, a flexible disk drive 

invention, when data is decrypted for use when the obtained H „ /™r*\ -»e u u • j j>* j j * * 1 . 

encrypted data are displayed/edited, data copyright is man- 10 £ DD 25 ^ "P™ ° r . ^ * ?3? ly * 

aged by encrypting data when obtained or edited data is < he eternal of terminal and hard d^k dnve (HDD) 26 used 

stored/copied /transferred. for stonn & data - C0MM 23 > CDRD 24 > roD 25 > and HDD 

However, the data copyright management unit 15 of the 26 mav ^ be connected to the PCI bus 81. While ROM, 

Japanese Patent Application No. 237673/1994 (U.S. patent RAM etc *> of ^vse, are connected to the system bus 22 of 

application Ser. No. 08/536,747) shown in FIG. 2 and the 35 the user terminal, these are not shown in FIG. 9. 

data copyright management unit 30 of the present invention Configurations and operations of other parts are the same 

described in FIG. 3 can perform only one process of as the embodiment shown in FIG. 3, and further explanation 

decryption of encrypted data or encryption of decrypted of them will be omitted. 

data. When decrypted or edited data is stored/copied/ A decryption task is performed by the MPU 21 of the user 

transferred, therefore, it is necessary to store data in the user 20 terminal 20 and a re-encryption task is performed by the 

terminal or RAM of the data copyright management appa- CPU 16 of the data copyright management apparatus 80 at 

ratus to re-encrypt the stored data afterwards. Thus, there is the same time, and vice versa. Since the configuration of the 

a possibility that decrypted or edited data might be lost due MPU21 and CPU 16 in this embodiment is a multiprocessor 

to accident or misoperation. This also limits the volume of configuration which performs parallel processing with a PCI 

data that can be processed. 25 bus, high processing speed can be achieved. 

With the exception of some high-class MPU, general Other typical means for attaching external devices to a 

MPU used in personal computers does not take into account personal computer include SCSI (Small Computer System 

the multiprocessor configuration which allows concurrent Interface), which is used for the connection of an external 

operation of plural microcomputers. Therefore, plural opera- storage medium such as hard disk drives and CD-ROM 

tions can not be performed at the same time, although 30 drives. 

accessory units are connected to the system bus of the Up to eight devices, including the personal computer 

personal computer. itself to which the SCSI is attached, can be connected to the 

Accordingly, to connect the data copyright management SCSI, and a plurality of computers may be included in the 

unit 15 shown in FIG. 2 or the data copyright management eight devices. Each of these computers can play an equiva- 

unit 30 shown in FIG. 3 to the system bus 22 of the user 35 lent role; in other words, the SCSI functions not only as an 

terminal 20 does not provides multiprocessor function that interface, but also as a multiprocessor bus. 

enables concurrent operation of MPU 21 or 46 and CPU 16, Taking advantage of this function of the SCSI, yet another 

and the processes of decryption of encrypted data and embodiment connects a data copyright management appa- 

re-encryption of decrypted data are performed alternately, ratus 85 to the system bus 22 of a user terminal 20 via SCSI 

not concurrently. Thus, a large amount of data can not be 40 86 (hereinafter called the "SCSI bus," for clear 

processed since the data to be encrypted and decrypted is understanding) instead of the PCI bus 81 in the embodiment 

limited by the capacity of RAM. Further, it is impossible to shown in FIG. 9. 

increase the processing speed, even if the amount of data is FIG. 10 shows a configuration block diagram of a data 

not large. copyright management apparatus of this embodiment which 

On the other hand, in the data copyright management 45 uses the SCSI bus according to the present invention, 
system described in the Japanese Patent Application, In FIG. 10, the configuration of the data copyright man- 
encrypted data that is obtained is decrypted to use for agement apparatus 85 is the same as the data copyright 
displaying or editing, and when the obtained or edited data management apparatus shown in FIG. 3; that is, the appa- 
is stored, copied, or transferred, it is re-encrypted to prevent ratus has a CPU 16, a local bus 17 for the CPU 16, and ROM 
unauthorized use of the data. Therefore, it is desirable that 50 18, RAM 19, and EEPROM 31 connected to the local bus 
the apparatus in the data copyright management system of 17. 

the present invention perform not only decryption but also On the other hand, an SCSI bus 86, which is controlled by 

re-encryption of data at the same time. an SCSI controller (SCSICONT) 87, is connected to a 

Recently, a PCI (Peripheral Component Interconnect) bus system bus 22 for a microprocessor 21 of a user terminal 20, 

has attracted attention as a means for implementing a 55 and the local bus 17 for the CPU 16 of a data copyright 

multiprocessor configuration of a typical personal computer. management apparatus 85 is connected to this SCSI bus 86. 

The PCI bus is a bus for external connection connected to Also connected to the system bus 22 of the user terminal 

a system bus of a personal computer via a PCI bridge. The 20 are a communications device (COMM) 23 which 

PCI bus allows implementation of a multiprocessor configu- receives data from external databases and transfers data 

ration. 60 external to the terminal, a CD-ROM drive (CDRD) 24 which 

FIG. 9 shows another embodiment of this invention, reads data supplied on CD-ROM, a flexible disk drive 

which is a configuration of data copyright management (FDD) 25 which copies received or edited data to supply 

apparatus using a PCI bus and the same configuration of data external to the terminal, and hard disk drive (HDD) 26 used 

copyright management unit 30 as shown in FIG. 3, that is, for storing data. COMM 23, CDRD 24, FDD 25, and HDD 

a computer configuration having a CPU 16, a local bus 17 65 26 may also be connected to the SCSI bus 86. While ROM, 

for the CPU 16, and ROM 18, RAM 19, and EEPROM 31 RAM etc., of course, are connected to the system bus 22 of 

connected to the local bus 17. the user terminal, these are not shown in FIG. 10. 
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Configurations and operations of other parts are the same In the Japanese Patent Application No. 237673/1994 

as the embodiment shown in FIG. 3, and further explanation (U.S. patent application Ser. No. 08/536,747) shown in FIG. 

of them will be omitted. 2 and in the embodiment of the present invention described 

A decryption task is performed by the MPU 21 of the user with reference to FIG. 3, the communications device 

5™™] 2 ?\ ^ a re " enc ryption task is performed by the 5 (COMM) 23, to which encrypted data is supplied, and the 

CPU 16 of the data copyright management apparatus 85 at CD-ROM drive (CDRD) 24 are connected to the system bus 

the same tune ^and vice versa. Since the configuration of the of the user tennina] 20 To d t eacrypted data> therefore> 

MPU 21 and CPU 16 in this embodiment is a multiprocessor the ^ data musl be tra ^ mitted b * of the tem 

configiiTation which performs parallel processing with an bug f ™ usef tenninal 2Q fae { > J * 

SCSI bus 86, high processing speed can be achieved. . , 4 . j , . 

Other means for implementing a multiprocessor 10 C0 ^ n ^ { mana g eme ^ apparatus^ and consequently, the 

configuration, such as SCI (Scaleable Coherent Interface), processing speed can be slowed. This is true for a configu- 

may be used, and, if possible, the microprocessors may be ratl0n 10 which those attac bed devices are connected to a 

connected with each other without using a bus. ^ us or SCSI bus. 

Data to be managed by the data copyright management In anotner embodiment of the present invention shown in 

apparatus of the present invention includes, in addition to 15 FIG - 12 » a communications device 23 to which encrypted 

text data, graphic data, computer programs, digital audio data ^ supplied and a CD-ROM drive 24 are connected to 

data, JPEG-based still picture data, and MPEG-based mov- a local bus 17 of a data copyright management apparatus 97 

ing picture data, for decryption, to prevent processing speed from being 

The above-mentioned multiprocessor configuration of the slowed, 

data copyright management apparatus 80 of the embodiment 20 The data copyright management apparatus 97 of the 

shown in FIG. 9 and the data copyright management appa- embodiment shown in FIG. 12 is a data copyright manage - 

ratus 85 of the embodiment shown in FIG. 10 is imple- ment apparatus for decryption, and its configuration is 

mented by connecting the apparatus to the system bus 22 of essentially the same as that of the data copyright manage- 

the microprocessor 21 in the user terminal 20 via a PCI bus ment apparatus 30 of the embodiment shown in FIG. 3; that 

or a SCSI bus. In such a multiprocessor configuration, the 25 is, the computer system has a CPU 16, a local bus 17 for 

MPU 21 of the user terminal 20 must also control the overall CPU 16, and ROM 18, RAM 19 and EEPROM 31 connected 

system. For relatively slow-speed and small data such as text to the local bus 17, and a communication device COMM 23 

data and graphic data, data copyright management with and a CD-ROM drive CDRD 24 connected to the local bus 

encryption and re -encryption can be performed by the 17. 

multiprocessor configuration using the MPU 21 and CPU 30 Fixed information, such as a copyright management pro- 
16. For JPEG-still-picture-based moving picture data and gram P, a cryptography program Pe based on a crypt 
MPEG1 or MPEG2-based moving picture data, however, algorithm, and user data Iu, are stored in the ROM 18. 
data copyright management by such configuration is con- Copyright information Ic is stored in the EEPROM 31. If 
siderably difficult to perform because a large amount of data the copyright management program and cryptography pro- 
must be processed quickly. 35 gram are supplied externally, such as from databases, those 
To deal with this problem, a multiprocessor system is programs are stored in the EEPROM 31, rather than in the 
configured by connecting a first data copyright management ROM 18. 

apparatus 80 and a second data copyright management A crypt-key Ksl for decryption and a data copyright 

apparatus 90 to a PCI bus 81 in the embodiment shown in management system program Ps supplied from a key control 

FIG. 11. 40 center or copyright management center are store d in the 

The configuration of the second data copyright manage- EEPROM 31. 

ment apparatus 90 is the same as that of the first data Encrypted data supplied from the COMM 23 or CDRD 24 

copyright management apparatus 80; that is, the apparatus is decrypted by the data copyright management apparatus 97 

comprises a CPU 91, a local bus 94 for the CPU 91, and and transferred to a user terminal 95. 

ROM 92, RAM 93, and EEPROM 95 connected to the local 45 While the above-mentioned data copyright management 

bus 94. apparatus 80 and 90 of the embodiment (shown in FIG. 11) 

In this embodiment, the first data copyright management are described as being configured separately, these 

apparatus 80 decrypts encrypted data and the second data apparatus, of course, can be configured as a unit, 

copyright management apparatus 90 re-encrypts decrypted FIG. 13 shows another embodiment of a data copyright 

data. 50 management apparatus which is extended from the data 

Fixed information, such as software for utilizing data- copyright management apparatus 97 described with refer- 

bases and user data Iu, are stored in the ROM 18 of the first ence to FIG. 12. 

data copyright management apparatus 80 decrypting In the Japanese Patent Application No. 237673/1994 

encrypted data. A first crypt-key Ksl for decryption and data (U.S. patent application Ser. No. 08/536,747) shown in FIG. 

copyright management system program Ps supplied by a key 55 2 and the embodiment described with reference to FIG. 3, 

control center or copyright management center are stored in the storage medium, such as HDD 26, for storing 

the EEPROM 31. re-encrypted data, are connected to the system bus 22 of the 

Similarly, fixed information, such as software for utilizing user terminal 20. To store re-encrypted data, therefore, the 

databases and user data, are stored in the ROM 92 of the encrypted data must be transmitted by way of the system bus 

second data copyright management apparatus 90 60 22 of the user terminal 20 and the local bus 17 of the data 

re-encrypting decrypted data, and a second crypt-key Ks2 copyright management unit 15 or data copyright manage- 

and data copyright management system program Ps supplied ment unit 30, and consequently, processing speed can be 

by a key control center or copyright management center are slowed. This is true for a configuration in which those 

stored in the EEPROM 95. attached devices are connected to a PCI bus or SCSI bus. 

In this multiprocessor configuration, SCSI or SCI may be 65 In the data copyright management apparatus 100 of the 

used, and, if possible, the microprocessors may be con- embodiment shown in FIG. 13, in addition to the commu- 

nected to each other without using a bus. nications device COMM 23 and the CD-ROM drive CDRD 
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24 connected to the local bus 17 in the data copyright cash data is transferred from a bank account or a cash service 

management apparatus 97 for decryption in the embodiment of a credit company, and is stored in the IC card so that a 

shown in FIG. 12, storage devices such as HDD 26 for terminal device for input/output is used to make a payment. 

storing re-encrypted data are connected to the local bus 94 The digital cash system which uses this IC card as an 

of the data copyright management apparatus 101 for 5 electronic cash-box can be used at any place such as shops 

re-encryption. or tDe a s long as the input/output terminal is installed. 

The configuration of the data copyright management However, the system cannot be used at places such as homes 

apparatus 101 for re<ncryption in the embodiment shown in or the ^ where n0 input/output terminal is installed. 

FIG. 13 is essentially the same as that of the data copyright Smce the dl ®^ cash fc encrypted data, any device can be 

management unit 30 shown in FIG. 3; that is, the computer 10 T f 8 ^electronic cash-box which stores digital cash 

system has a CPU 91, a local bus 94 for the CPU 91, and d t ata ' 10 add ?° n ;° t the J C t card ' ™l° n $ f , th * device can 

ROM 92, RAM 93 and EEPROM 95 connected to the local ? TT ^ i JV"* t° 

oa La unn « ■ * a * .u i i u n>i wmch the payment is made. As a terminal which can be 

bus 94 and HDD 26 is connected to the local bus 94. spetificall/used as the electronic cash-box, there are per- 

Fixed information, such as a copyright management pro- sonal computerSj intelligent television sets, portable tele- 
gram P, a cryptography program Pe based on a crypt is phone sets such as a personal information terminal, personal 
algorithm, and user data Iu, are stored in the ROM 92. handy phone system (PH s), intelligent telephone sets, and 

Copyright information is stored in the EEPROM 95. If the PC cards or the like which have an input/output function, 

copyright management program and cryptography program Trades in which such terminals are used as an electronic 

are supplied externally such as from databases, those pro- cash-box for a digital cash can be actualized by replacing, in 

grams are stored in the EEPROM 95 rather than the ROM 20 the configuration of the data copyright management system, 

92. A crypt-key Ks2 for re-encryption and a data copyright the database with a customer's bank, a first user terminal 

management system program Ps supplied from a key control with a customer, the secondary user terminal with a retailer, 

center or copyright management center are stored in the the copyright control center with a retailer's bank, and a 

EEPROM 95. Data re -encrypted by the copyright manage- tertiary user terminal with a wholesaler or a maker, 

ment apparatus 101 for re-encryption is stored in HDD 26. 25 An example of the trading system will be explained in 

While the above-mentioned data copyright management FIG. 14 in which the digital cash is transferred via a 

apparatus 100 and 101 of the embodiment shown in FIG. 13 communication network. 

are described as being configured separately, these The example uses the configuration of the data copyright 

apparatus, of course, can be configured as a unit. management system shown in FIG. 1. In FIG. 14, reference 

Digital data includes, in addition to text data, graphic data, 30 numeral 111 represents a customer, reference numeral 112 a 

computer programs, digital sound data, JPEG-based still bank of the customer 111, reference numeral 113 a retail 

picture data, and MPEG -based moving picture data. shop, reference numeral 114 a bank of the retail shop 113, 

A typical user terminal which utilizes copyrighted data is reference numeral 115 a maker, reference numeral 116 a 
a computer apparatus such as a personal computer. Other bank of the maker 115, reference numeral 2 a communica- 
apparatus which utilize such data are receivers such as 35 tion network such as a public line provided by a commu- 
television sets, set-top boxes used with those receivers, nication enterprise or CATV line provided by a cable tele- 
digital recording apparatus such as digital video tape vision enterprise. Customer 111, the customer's bank 112, 
recorders, digital video disk recorders, digital audio tapes the retail shop 113, the retail shop's bank 114, the maker 115, 
(DAT) which store digital data, and personal digital assis- the maker's bank 116 can be mutually connected with the 
tants (PDA). 40 communication network 2. In this system, the customer 111 

The data copyright management apparatus shown in FIG. can use a credit company offering cashing service other than 

2 which is configured as an expansion board, IC card, or PC banks and he can also interpose an appropriate number of 
card and described in the Japanese Patent Application No. wholesalers between the retail shop and the maker. 
237673/1994 (U.S. patent application Ser. No. 08/536,747) In addition, reference numerals 117 and 118 are either IC 
or the data copyright management apparatus shown in FIG. 45 cards or PC cards in which digital cash data is stored. The 

3 may be used by attaching it to a user terminal which is a cards are used when the communication network is not used, 
computer, receiver, set-top box, digital recording medium, Incidentally, in FIG. 14, the broken line represents a path 
or PDA. However, it is desirable that a data copyright of encrypted digital cash data, the solid line represents a path 
management apparatus is factory-installed in the user ter- of requests from the customer, the retail shop or the maker, 
minal to eliminate labor and possible failure arising from the 50 and the one-dot chain line represents a path of the secret-key 
attachment of the apparatus. from each bank. 

To accomplish this, in each embodiment of the present In this example, first secret-key prepared by the custom- 
invention, a data copyright management apparatus is imple- er's bank 112, the second secret-key generated by the 
mented in the form of a monolithic IC, hybrid IC, or built-in customer, the third secret-key generated by the retail shop, 
subboard and is incorporated in a user terminal such as 55 and the fourth secret-key prepared by the maker are used as 
computer apparatus or personal computers, or receivers such crypt keys. 

as television sets, set-top boxes used with those receivers, Further, while the customer's bank 112, the retail shop's 

digital recording medium such as digital video tape bank 114, and the maker's bank 116 are explained as 

recorders, digital video disk recorders, and digital audio tape separate entities, these can be considered as a financial 

(DAT) which store digital signals, or personal digital assis- 60 system as a whole. 

tants (PDA). Digital cash management program P for encrypting and 

Further, the apparatus for managing data copyright decrypting the digital cash data is preliminarily distributed 

described above can be applied not only to the data utiliza- to the customer 111 and is stored in the user terminal. 

tion but also to the handling of the digital cash and video Further, it is possible to transfer the digital cash management 

conference systems. 65 program P together with data every time a trade with the 

The digital cash system which has been proposed so far is bank is executed. Further, it is desirable to install the 

based on a secret-key cryptosystem. The encrypted digital common digital cash management program P in all banks. 
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The customer 111 uses the user terminal to designate the 
amount of money via the communication network 2 to 
request to be drawn out from the account of the customer's 
bank 112 to the bank. At this time, the terminal presents 
customer information Ic of the customer 111. 

The customer's bank 112 which receives the customer's 
request for drawing out from the account selects or generates 
the first secret-key Ksl so that the digital cash data MO of 
the amount is encrypted by the first secret-key Ksl: 

CmOksl=E(Ksl, MO) 

and the encrypted digital cash data CmOksl and the first 
secret-key Ksl for a decrypting key are transferred to the 
customer 111, and the customer information Ic and the first 
secret-key Ksl are stored. 

In this case, the first secret-key Ksl can be selected from 
what is preliminarily prepared by the customer's bank 112, 
and also may be generated by presentation of the customer 
information Ic at the time of drawing by the customer using 
the digital cash management program P on the basis of the 
customer information Ic: 

Ksl-P(Ic). 



Through this means, the first secret-key Ksl can be 25 
private for the customer 111. At the same time, it is not 
necessary to transfer the first secret-key Ksl to the customer 
111 so that the security of the system can be heightened. 

Further, the first secret-key Ksl can be generated on the 
basis of the bank information lbs of the customer's bank 112 30 
or on the basis of the bank information lbs and the key 
generation data. 

The customer 111 to which the encrypted digital cash data 
CmOksl and the first secret-key Ksl are transferred gener- 
ates second secret-key Ks2 according to any one or both of 35 
the customer information Ic and the first secret-key Ksl 
using the digital cash management program P, for example: 



Cmlks2=E(Ks2 ) Ml), 



Ks2=P(Ic) 5 

and the generated second secret-key Ks2 is stored in the user 
terminal. 

Further, the customer 111 uses the first secret-key Ksl to 
decrypt the encrypted digital cash data CmOksl with the 
digital cash management program P: 

M0=D(Ksl, CmOksl), 

and the content is confirmed. When the decrypted digital 
cash data MO whose content is confirmed is stored in the 
user terminal as a cash-box, it is encrypted by the generated 
second secret-key Ks2 using the digital cash management 
program P: 

CmOKs2-E(Ks2, MO). 

The first secret-key Ksl is disused at this time. 

The customer 111 who wishes to buy an article from the 
retail shop 113 decrypts the encrypted digital cash data 
Cm0ks2 which is stored in the user terminal as a cash-box 
by the digital cash management program P using the second 
secret-key Ks2: 

M0-D(Ks2, Cm0ks2), 

and the digital cash data Ml which corresponds to the 
necessary amount of money is encrypted by the second 
secret-key ks2 using the digital cash management program 
P: 



20 



40 



45 
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and then payment is made by transmitting the encrypted 
digital cash data Cmlks2 to the user terminal as a cash-box 
of retail shop 113 via communication network 2. At this 
time, the customer information Ic is also transmitted to the 
user terminal of retail shop 113. 

Further, the residual amount digital cash data M2 is 
encrypted by the second secret-key Ks2 using the digital 
cash management program P: 

Cm2ks2-E(Ks2, M2) 

and stored in the user terminal of customer 111. 

The retail shop 113 to which the encrypted digital cash 
data Cmlks2 and the customer information Ic are transferred 
stores the transferred encrypted digital cash data Cmlks2 
and customer information Ic in the user terminal and pre- 
sents the customer information Ic to the retail shop's bank 
114 via the communication network 2 for confirming the 
content to request the transmission of the second secret-key 
Ks2 for decryption. 

The retail shop's bank 114 which is requested by the retail 
shop 113 to transmit the second secret-key Ks2 transmits the 
request for the transmission of the second secret-key Ks2 
and the customer information Ic to the customer's bank 112. 

The customer's bank 112 which is requested to transmit 
the second secret-key Ks2 from the retail shop's bank 114 
generates the second secret-key Ks2 according to the cus- 
tomer information Ic by the digital cash management pro- 
gram P in the case where the second secret -key Ks2 is based 
only on the customer information Ic, or generates the second 
secret-key Ks2 according to the customer information Ic and 
the first secret-key Ksl by the digital cash management 
program P in the case where the second secret-key Ks2 is 
based on the customer information Ic and the first secret-key 
Ksl, and transmits the generated second secret-key Ks2 to 
the retail shop's bank 114. 

The retail shop's bank 114 to which the second secret-key 
Ks2 is transmitted from the customer's bank 112 transmits 
the second secret-key Ks2 to the retail shop 113 via the 
communication network 2. 

The retail shop 113 to which the second secret-key Ks2 is 
transferred decrypts the encrypted digital cash data Cmlks2 
by the second secret-key Ks2 using the digital cash man- 
agement program P: 

Ml=D(Ks2, Cmlks2) 

and, after confirming the amount of money, forwards the 
article to the customer 111. 

Incidentally, in this case, the retail shop 111 can directly 
request the transfer of the second secret-key Ks2 to the 
customer's bank 112 instead of the retail shop's bank 114. 

In case where the digital cash received by the retail shop 
113 is deposited in the account of the retail shop's bank 114, 
the customer information Ic is transferred to the retail shop's 
bank 114 together with the encrypted digital cash data 
Cmlks2 via the communication network 2. 

The retail shop's bank 114 to which the encrypted digital 
cash data Cmlks2 and the customer information Ic are 
transferred requests the transfer of the second secret-key 
Ks2 to the customer's bank 112 by transmitting the customer 
information Ic. 

The customer's bank 112, which is requested to transfer 
the second secret-key Ks2 from the retail shop's bank 114, 
generates the second secret-key Ks2 according to the cus- 
tomer's information Ic by the digital cash management 
program P when the second secret-key Ks2 is based only on 
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the customer's information Ic, or generates the second 
secret-key Ks2 according to the customer's information Ic 
and the first secret-key Ksl by the digital cash management 
program P when the second secret-key Ks2 is based on the 
customer's information Ic and the first secret-key Ksl. Then 
the generated second secret-key Ks2 is transferred to the 
retail shop's bank 114. 

The retail shop's bank 114, to which the second secret-key 
Ks2 is transferred from the customer's bank 112, decrypts 
the encrypted digital cash data Cmlks2 by the second 
secret-key Ks2 using the digital cash management program 
P: 

Ml»D(Ks2, CmlksZ), 

and the decrypted digital cash data Ml is deposited in the 
bank account of the retail shop's bank 114. 

In the general trade system, the retail shop 113 stocks 
products from the maker 115 or from the wholesaler which 
intervenes between the retail shop 113 and the maker 115. 
Then the retail shop 113 sells the products to the customer 
111. Consequently, a trading form is present between the 
customer 111 and the retail shop 113 just as between the 
retail shop 113 and the maker 115. 

The handling of the digital cash between the retail shop 
113 and the maker 115 is not basically different from the 
handling of the digital cash which is carried out between the 
customer HI and the retail shop 113. Therefore, the expla- 
nation there will be omitted for the sake of clarity. 

In this digital cash system, the digital cash is handled 
through banks. As information such as the processed amount 
of the digital cash, date, and the secret-key demanding party 
information with respect to the handling of the digital cash 
is stored in the customer's bank, the residual amount of 
digital cash and usage history, can be grasped. 

Even in the case where the user terminal (which is an 
electronic cash-box storing the digital cash data) cannot be 
used owing to the loss or the breakage, it is possible to 
reissue the digital cash on the basis of the residual amount 
and usage history kept in the customer's bank. 

It is desirable to add a digital signature to the digital cash 
data to heighten the security of the digital cash. 

In this example, digital cash is added by the customer's 
information which may be accompanied by digital signature. 
Therefore, the digital cash in the example can also have a 
function of a settlement system for cheques drawn by 
customers. 

Also, this system is applicable to various systems in 
international trade such as payment settlement of import/ 
export by a negotiation by a draft using executed documents 
such as a letter of credit and a bill of lading. 

In a video conference system, a television picture has 
been added to the conventional voice telephone set. 
Recently, the video conference system has advanced to the 
point where a computer system is incorporated into the 
video conference system so that the quality of the voice and 
the picture are improved, and data on computers can be 
handled at the same time as the voice and the picture. 

Under these circumstances, security against the violation 
of the user's privacy and the data leakage due to eavesdrop- 
ping by persons other than the participants of the conference 
are protected by the cryptosystem using a secret-key. 

However, since the conference content obtained by the 
participants themselves are decrypted, in the case where 
participants themselves store the content of the conference 
and sometimes edit the content, and further, use for second- 
ary usage such as distribution to the persons other than the 
participants of the conference, the privacy of other partici- 
pants of the video conference and data security remains 
unprotected. 
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In particular, advancements in the compression technol- 
ogy of the transmission data and increases in the volume of 
the data storage medium means, it will be possible to copy 
all of the content of the video conference to the data storage 

5 medium, or to transmit it via a network. 

In view of the circumstances, the example is intended, 
when video conference participants perform secondary use, 
to secure the privacy of other participants and data security 
by using the aforementioned configuration of the data copy- 

30 right management system. 

This video conference data management system can be 
actualized, for example, by replacing the database in the data 
copyright management system configuration shown in FIG. 
1 with a participant of the video conference, the first user 

15 terminal with another participant of the video conference, 
and the second user terminal with a non-participant of the 
video conference. 

An example will be explained by using FIG. 15. Referring 
to FIG. 15, reference numeral 121 represents a participant as 

20 a host of the video conference, reference numeral 122 a 
participant of the video conference as a guest, reference 
numeral 123 a non-participant of the video conference as a 
user, reference numeral 124 a non-participant of the video 
conference as another user, reference numeral 2 a commu- 

25 nication network such as a public telephone line provided by 
the communication enterprise and a CA television line 
provided by the cable television enterprise or the like. The 
participant 121 of the video conference is connected to the 
participant 122 of the video conference via the communi- 

30 cation network 2. Further, the participant 122 of the video 
conference can be connected to the non-participant 123 of 
the video conference, and the non-participant 123 of the 
video conference to the non-participant 124 of the video 
conference, via the communication network 2. Reference 

35 numerals 125 and 126 represent a data recording medium. 
Referring to FIG. 15, the broken line represents a path of 
the encrypted video conference content, the solid line rep- 
resents a path requesting the crypt key from the non- 
participants of the video conference 123 and 124 to the 

40 participant of the television conference 121, and the one-dot 
chain line represents a path of crypt keys from the partici- 
pant of the video conference 121 to the participant of the 
video conference 122 and the non-participants of the video 
conference 123 and 124. 

45 In this example, a video conference data management 
system is described here protecting only the data security 
and privacy of video conference participant 121 to simplify 
the explanation. It is of course also possible to protect for 
data security and privacy of video conference participant 

50- 122. 

A video conference data management program P for 
encryption/decryption of the video conference data of the 
participant 121 including audio and picture is previously 
distributed to the video conference participant 122 and the 
55 video conference non-participants 123 and 124, and is stored 
in each terminal. This video conference data management 
program P may be transferred whenever a crypt-key is 
transferred. 

In this example, further, a first secret-key prepared by the 
60 video conference participant 121, a second secret-key pre- 
pared by the video conference participant 122, a third 
secret-key prepared by the video conference non-participant 
123 and subsequent secret-keys prepared similarly are used 
as a crypt key. 

65 The video conference participant 121 and the video 
conference participant 122 perform the video conference by 
transmitting audio, picture and data (referred to as video 
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conference data on the whole) to each other, using each 
terminal via communication network 2. Prior to the video 
conference, the video conference participant 121 generates 
or selects the first secret-key Ksl to transfer to the video 
conference participant 122 prior to the start of the video 
conference. 

The video conference participant 122 receiving the first 
secret-key Ksl generates the second secret-key Ks2 by the 
first secret-key Ksl using the video conference data man- 
agement program P: 



Ks2-P(Ksl). 



the 



The generated second secret-key Ks2 is stored in 
terminal. 

The video conference participant 121 encrypts the video 
conference data MO with the first secret-key Ksl, in the 
video conference through the communication network 2: 

CmOksl=E(Ksl, MO) 



10 



15 



20 



and transfers the encrypted video conference data CmOksl 
to the video conference participant 122. 

The video conference participant 122 who receives the 
video conference data CmOksl encrypted by the first secret- 
key Ksl decrypts the video conference data CmOksl by the 25 
first secret-key Ksl: 

M0=D(ksl, CmOksl) 



and uses decrypted video conference data MO. 

Further, the second secret-key Ks2 is generated based on 
the first secret-key Ksl with the video conference data 
management program P: 

Ks2-P(Ksl). 

In the case where the decrypted video conference data MO 
is stored in the terminal of the participant 122 of the video 
conference, copied to the data record medium 125, or 
transferred to the non-participant of the video conference via 
the communication network 2, the data M is encrypted by 
the second secret-key Ks2 using the video conference data 
management program P: 

Qnks2=E(Ks2, M). 

The encrypted data Cmks2 is copied to the record medium 
125 or supplied to the non-participant of the video confer- 
ence via the communication network 2, together with the 
video conference data name or the video conference data 
number. 

The non-participant of the video conference 123 who 
obtains the encrypted data Cmks2 makes a request to the 
participant 121 for the secondary use of the video confer- 
ence data M from the terminal by specifying the name or 
number of the video conference data. 

The participant 121 of the video conference who receives 
the request for the secondary use of the data M finds out the 
first secret -key Ksl according to the name or the number of 
the video conference data to generate the second secret-key 
Ks2 based on the first secret-key Ksl: 

Ks2-P(Ksl) 

and supplies the generated second secret-key Ks2 to the 
non-participant of the video conference 123. 
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The non-participant of video conference 123 who receives 
the second secret-key Ks2 decrypts the encrypted data 
Cmks2 by the second secret-key Ks2 by using the video 
conference data management program P: 

M-D(K*2, Cmks2) 

and then uses decrypted video conference data M. 

In the case where the video conference data M is stored 
in the terminal of the non -participant of the video conference 
123, copied to the record medium 126, or transmitted to the 
non-participant of the video conference 124, the video 
conference data M is encrypted by the second secret -key 
Ks2 using the video conference data management program 
P: 

Cmks2-E(Ks2, M). 

Incidentally, the third secret-key Ks3 may be generated on 
the basis of the second secret-key Ks2 with the video 
conference data management program P: 

Ks3=P(Ks2), 

and the data M can be encrypted with the video conference 
data management program P by this generated third secret- 
key Ks3: 

Cmks3-E(Ks3 , M). 

What we claim is: 

1. A data copyright management apparatus used with a 
user terminal for utilizing digital data: 

said data copyright management apparatus comprising a 
central processing unit, a central processing unit bus, 
read-only semiconductor memory, electrically erasable 
programmable read-only memory, and read/write 
memory; 

wherein: 

said central processing unit, said read-only semiconductor 
memory, said electrically erasable programmable read- 
only memory, and said read/write memory are con- 
nected to said central processing unit bus, and a system 
bus of said user terminal is able to be connected to said 
central processing unit bus; 

a data copyright management system program, a copy- 
right management program, a cryptography program 
based on a crypt algorithm, and user information are 
stored in said read-only semiconductor memory; and 

a first public-key, a first private-key, a second public-key 
a second private-key,, a first secret-key, a second secret- 
key, and copyright information are stored in said elec- 
trically erasable programmable read-only memory. 

2. The data copyright management apparatus according to 
claim 1, which is configured in the form of an IC. 

3. The data copyright management apparatus according to 
claim 1, which is configured in the form of an IC card. 

4. The data copyright management apparatus according to 
claim 1, which is configured in the form of a PC card. 

5 ; The data copyright management apparatus according to 
claim 1, which is configured in the form of an insertion 
board. 
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